Azure Virtual Desktop 101. Benefits, Typical Architecture and How It Integrates With Nerdio

Azure Virtual Desktop (AVD) is an enterprise Desktop as a Service (DaaS) solution which enables businesses to provision Windows virtual machines, complete with support for Office 365 and other business applications.

In this article, you will learn:

• What is Azure Virtual Desktop (AVD)
• Benefits of AVD
• Typical AVD Architecture
• What is Nerdio Manager
• Why Azenix chooses Nerdio

‍

What is Azure Virtual Desktop (AVD) 

There are many enterprise Desktop as a Service (DaaS) solutions in the market and they have been experiencing significant growth in both technology and market share in the past few years, especially during the pandemic and the global silicon shortage. From Citrix Virtual Desktops to VMWare Horizon, Azure Virtual Desktop (AVD) offers a compelling alternative to enterprise customers as it blends Microsoft’s two biggest products – Azure Cloud and Windows operating systems.

‍

AVD is essentially a Platform As A Service (PaaS) offering which is entirely managed by Microsoft and reduces the overheads for system administrators, including configuration, deployment and scalability. Administrators can publish virtual desktops from a single host pool for different types of end-users. With Windows 10 and Windows 11 Enterprise recently introducing multi-session capability exclusively to AVD, organisations can choose to reduce virtual machines and operating system overheads for wider business users. 

‍

Benefits of Azure Virtual Desktop (AVD)

From our experience in delivering AVD solutions to our clients, we see the following benefits that AVD can provide:

‍

• Employees can use their own devices and AVD to securely access on-premise services as virtual machines (VM) are attached to secure networking resources.
• It delivers a virtualised and optimised Office 365 experience. OneDrive syncs employees’ work files with the cloud via Microsoft’s global network which has high bandwidth and low latency. Our clients also take advantage of Azure’s ecosystem of software solutions and the ability to customise their software management.
• Security for remote working arrangement – There is no data left on a physical computer which could be lost or stolen. Enterprises are finding it attractive to move to a virtual desktop infrastructure because most employees are not in the same physical location. 
• Pricing is clear and flexible. With both subscriptions and pay-as-you-go options, organisations can optimise and reduce costs by various means, such as scheduling VM down times via Nerdio Manager for Enterprise.

‍

Typical Azure Virtual Desktop (AVD) Architecture

It is recommended for AVD to be deployed in an enterprise-scale landing zone architecture such as the Azure Landing Zone. Most organisations adopt a hybrid infrastructure approach where end users can access resources on-premise and inside of the cloud environment. For example, a developer can securely access AVD and an on-premise SQL database in the same Virtual Desktop user session. The following architecture overview will be based on Microsoft’s Cloud Adoption Framework for Azure. 

‍

• Hub-spoke network topology to isolate workloads and allow central control over network security. The hub virtual network is the central point of connectivity to your on-premises network. Spoke virtual networks are used to isolate workloads in their own virtual networks, managed separately from other spokes. 
• ExpressRoute gateway is the entry point of the hub virtual network which connects to on-premises networks. Virtual network peering allows the exchanging of network traffic between hub and spoke virtual networks using the Azure backbone without the need for a router. 
• Virtual machines in AVD are Azure Active Directory (AD) joined. This removes a direct path from the virtual machines to on-premises AD Domain Controller (DC) or Azure AD Domain Services (DS). AD joined VMs can be managed via Microsoft Endpoint Manager (Intune) for ease of management and can also be administered via Nerdio Manager. 
• AVD user profiles are managed in FSLogix containers which are stored in Azure Files. FSLogix Containers redirect user profiles to a designated Azure storage and place the profiles in VHDx files which are mounted at run time. This eliminates network delays associated with files copying and simplifies the overall management of your storage environment. Administrators can use Private Link endpoints to secure network interfaces of Azure Files. Private Link endpoint is a network interface that uses a private IP address from its virtual network.
• AVD provides web access, remote connection gateway/broker, diagnostics and extensibility components like PowerShell libraries and REST APIs.
• Azure Firewall or other optional Network Virtual Appliances (NVA) can restrict access to Azure resources in AVD spoke networks to specific IP addresses and authorised users.

‍

‍

What is Nerdio Manager?

Nerdio Manager is a deployment, management and autoscaling platform designed for AVD environments. It offers an intuitive user interface and can easily be hosted in Azure App Service. Dynamic host pools are one of the biggest selling points for Nerdio as System Administrators can easily put in autoscaling rules to reduce costs of the various workloads.  

‍

Nerdio Manager is installed within the customer’s Azure subscription and therefore all its data and control stays within the selected Azure region. After you select the most suitable Nerdio subscription in Azure Marketplace, the following resources are created:

‍

• App Service Plan and App Service - This is where the Nerdio Manager UI is hosted and accessible to System Administrators. Custom domain and SSL certificates can be attached as per the organisation’s network policies. 
• Application Insights - It is a feature of Azure monitor that provides extensible application performance management and monitoring for Nerdio Manager’s App Service. Azure Administrators can customise Application Insights to detect performance anomalies and integrate it to on-premise alerting solutions. 
• SQL server and SQL database - Nerdio configuration and data are stored in Azure SQL Database which is a fully managed PaaS and handles most database management functions including upgrading, patching and backups. Users can choose to restrict SQL traffic to App Service IP addresses for additional security.
• ‍Key Vault - Nerdio Manager relies on communication between Azure App Service and SQL Database. This is where the connection string of the SQL Database is stored. Azure Key Vault securely stores secrets and supports managed hardware security module (HSM) pools.

‍

‍

Why Azenix chooses Nerdio

Nerdio Manager combines the simplicity of UI management and the capability of Azure Virtual Desktop which ultimately benefits businesses and their administrators in many aspects, including implementation, deployment and management. 

Instead of building custom deployment tools via a CI/CD pipeline or using endless Azure Automation Runbooks, Nerdio is a simple, secure and cost-effective solution to manage your Virtual Desktop solution for thousands of users. Typically, we find Nerdio Manager can implement and deploy Windows Virtual Desktop in about an hour. 

Its simple pricing structure, monthly active users (MAU) or named users, makes it easy for our clients to forecast consumption and costs. More importantly, Nerdio simplifies the majority of cloud and virtual desktop adoption while keeping the platform secure and flexible for different needs. 

‍

Final verdict

Azure Virtual Desktop (AVD) is a compelling option for businesses requiring a Virtual Desktop solution that are already invested in Microsoft’s portfolio of products such as Windows, Office 365 and Active Directory. In most cases, business users and developers can use their virtual desktops immediately because they are likely familiar with Windows 10 and Office 365 applications. As long as businesses can deploy an enterprise-scale landing zone architecture, AVD can be set up easily; Virtual desktops can be assigned to users within minutes. Businesses should invest in a robust Virtual Desktop management solution like Nerdio Manager, which ultimately reduces operational costs and overhead. Nerdio is the definitive Azure solution that delivers easy deployment, ongoing management and security of your AVD environment.